In 4.x kernel a dst in DST_OBSOLETE_DEAD state is associated
with loopback net_device and leads to loopback neighbour. It
leads to an ethernet header with all zero addresses.

A very troubling case is working with mac80211 and ath9k.
A packet with all zero source MAC address to mac80211 will
eventually fail ieee80211_find_sta_by_ifaddr in ath9k (xmit.c).
As result, ath9k flushes tx queue (ath_tx_complete_aggr) without
updating baw (block ack window), damages baw logic and disables
transmission.

Signed-off-by: Tong Zhu <zhut...@amazon.com>
---
 net/core/neighbour.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 6e890f51b7d8..e471c32e448f 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1271,7 +1271,7 @@ int neigh_update(struct neighbour *neigh, const u8 
*lladdr, u8 new,
                         * we can reinject the packet there.
                         */
                        n2 = NULL;
-                       if (dst) {
+                       if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
                                n2 = dst_neigh_lookup_skb(dst, skb);
                                if (n2)
                                        n1 = n2;
-- 
2.17.1

Reply via email to